Fraudster exploited US govt staff info stolen in 2015 OPM breach

The data breach suffered by the Office of Personnel Management (OPM) is, by now, very old news, but some of the people involved and affected are still feeling the repercussions.

OPM breach fraud

Stone data used for identity theft

The US Attorney’s Office for the Eastern District of Virginia announced on Monday that a Maryland woman has pleaded guilty to using that stolen identification information to obtain fraudulent personal and vehicle loans through Langley Federal Credit Union (LFCU).

39-year-old Karvia Cross both participated in and recruited others to engage in this fraudulent identity theft scheme.

“In 2015 and 2016, LFCU received numerous online membership and consumer loan applications in the names of stolen identities that were victims of the OPM data breach. LFCU approved and issued the requested memberships and loans prior to determining that they had been sought using the stolen personal identifying information of others,” the Department of Justice explained.

“LFCU disbursed loan proceeds via checks and transfers into the checking and savings accounts opened through these fraudulent applications. Vehicle loan proceeds were disbursed by checks made payable to individuals posing as vehicle sellers, while personal loan proceeds were disbursed to LFCU accounts opened in connection with the fraudulent loan applications and transferred to accounts of others. Cross and others then accessed and withdrew the fraudulently obtained loan proceeds.”

Cross is the second person involved in this scheme to plead guilty to conspiracy to commit bank fraud and aggravated identity theft: co-defendant Marlon McKnight pleaded guilty to the same charges on June 11.

Cross will be sentenced in October 2018, and is facing a minimum of two years in prison.

The OPM breach

The OPM breach, predating April 2015, was hypothesized to be the work of Chinese hackers as it resulted in the compromise of huge amounts of sensitive personal information of nearly 22 million US government employees, contractors and job applicants.

But, as it turned out, at least some of that information somehow ended in the hands of common fraudsters. How that happened is still unknown – the Department of Justice has yet to reveal that piece of information.

When the breach happened, the Federal Government offered individuals impacted by it a variety of identity monitoring, credit monitoring and identity restoration services, as well as identity theft insurance.